release 1.2.0

project.clj

@@ -1,4 +1,4 @@
-(defproject com.github.gerritjvv/codex "0.1.1"
+(defproject com.github.gerritjvv/codex "1.2.0"
   :description "Simple fast library that compress, encrypt and encode data, for session storage and other use-cases"
   :url "https://github.com/gerritjvv/codex"
   :license {:name "Apache License 2.0"
@@ -9,7 +9,7 @@
 
   :javac-options     ["-target" "1.8" "-source" "1.8"]
   :dependencies [[org.clojure/clojure "1.10.0-alpha6"]
-                 [com.github.gerritjvv/encode-core "1.1.0"]]
+                 [com.github.gerritjvv/encode-core "1.2.0"]]
 
   :deploy-repositories [["releases" :clojars]
                         ["snapshots" :clojars]])

src/clojure/codex/core.clj

@@ -1,42 +1,72 @@
 (ns codex.core
 
   (:require [codex.util :as util])
-  (:import (crypto Key$ExpandedKey Key$KeySize)
+  (:import (crypto Key$ExpandedKey Key$KeySize Key)
            (codex.encode Encoder KryoEncoder CryptoEncoder Lz4Encoder)
-           (clojure.lang PersistentArrayMap Keyword Symbol PersistentHashMap PersistentHashSet PersistentList PersistentVector BigInt PersistentVector$ChunkedSeq)
+           (clojure.lang PersistentArrayMap Keyword Symbol PersistentHashMap PersistentHashSet PersistentList PersistentVector BigInt PersistentVector$ChunkedSeq LazySeq)
            (codex.serializers PersistentArrayMapSerde KeywordSerde PersistentMapSerde SymbolSerde SeqSerde PersistentHashSetSerde PersistentListSerde PersistentVectorSerde BigIntSerde PersistentRecordSerde)
            (com.esotericsoftware.kryo Serializer Registration)))
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;
+
+(defmulti gen-expanded-key (fn [t k] t) :default :sha256+hmac512)
+
+(defmethod gen-expanded-key :sha128+hmac256 [_ k]
+  (.genKeysHmacSha (Key$KeySize/AES_128) ^"[B" (util/-as-bytes k)))
+
+(defmethod gen-expanded-key :sha256+hmac512 [_ k]
+  (.genKeysHmacSha (Key$KeySize/AES_256) ^"[B" (util/-as-bytes k)))
+
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;; expanded keys
-;;;; use (expand-pass :sha256+hmac512 "mypass")
-(defmulti expand-pass (fn [t pass] t) :default :sha256+hmac512)
+;;;; use (expand-pass :sha256+hmac512 "salt" "mypass")
+;;;;     (expand-pass :sha128+hmac256 "salt" "mypass")
+
+(defmulti derive-pass (fn [t salt pass] t) :default :sha256+hmac512)
+
+(defmethod derive-pass :sha128+hmac256 [_ salt pass]
+  (Key/deriveHmac256FromPass (util/-as-bytes salt) (util/-as-bytes pass)))
 
-(defmethod expand-pass :sha128+hmac256 [_ pass]
-  (.genKeysHmacSha (Key$KeySize/AES_128) ^"[B" (util/-as-bytes pass)))
+(defmethod derive-pass :sha256+hmac512 [_ salt pass]
+  (Key/deriveHmac512FromPass (util/-as-bytes salt) (util/-as-bytes pass)))
 
-(defmethod expand-pass :sha256+hmac512 [_ pass]
-  (.genKeysHmacSha (Key$KeySize/AES_256) ^"[B" (util/-as-bytes pass)))
+(defn derive-pass-default
+  ([pass]
+   (derive-pass-default nil pass))
+  ([salt pass]
+   (derive-pass :sha256+hmac512 salt pass)))
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;; expand an already pseudo random key
+;;;  if you don't know what you're doing, use the derive-pass function
+;;;
+(defmulti expand-key (fn [t pass] t) :default :sha128+hmac256)
 
-(defn expand-pass-default [pass]
-  (expand-pass :sha256+hmac512 pass))
+(defmethod expand-key :sha128+hmac256 [_ k]
+  (Key/genHmacSha256 (util/-as-bytes k)))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;; Crypto encoder wrapper
 
+(defn ensure-expanded-key ^Key$ExpandedKey [k]
+  (if (instance? Key$ExpandedKey k)
+    k
+    (gen-expanded-key :sha256+hmac512 k)))
 
 ;Create an encoder that encrypt using AES+CBC or AES+GCM.
 ;           The bits used depends on the key:
 ;            For AES+CBC+HMAC512 use a of :sha256+hmac512
 ;            For AES+GCM  use :sha128+hmac256
 (defmulti crypto-encoder (fn [t k encoder] t))
 
-(defmethod crypto-encoder :aes-cbc-hmac [_ key encoder]
-  (CryptoEncoder/getCBCHmacInstance ^Key$ExpandedKey key encoder))
+(defmethod crypto-encoder :aes-cbc-hmac [_ k encoder]
+  (CryptoEncoder/getCBCHmacInstance ^Key$ExpandedKey (ensure-expanded-key k) encoder))
 
-(defmethod crypto-encoder :aes-gcm [_ key encoder]
-  (CryptoEncoder/getGCMInstance ^Key$ExpandedKey key encoder))
+(defmethod crypto-encoder :aes-gcm [_ k encoder]
+  (CryptoEncoder/getGCMInstance ^Key$ExpandedKey (ensure-expanded-key k) encoder))
 
 (defn lz4-encoder ^Encoder [^Encoder encoder]
   (when (instance? CryptoEncoder encoder)
@@ -73,7 +103,7 @@
 (defn register-class!
   "Kryo serde registration"
   [clazz]
-  (KryoEncoder/register clazz))
+  (KryoEncoder/register ^Class clazz))
 
 (defmacro register-record! [^Class r]
   `(KryoEncoder/register ~r
@@ -103,6 +133,7 @@
                 [PersistentVector (PersistentVectorSerde.)]
                 [PersistentList (PersistentListSerde.)]
                 [PersistentVector$ChunkedSeq (SeqSerde.)]
+                [LazySeq (SeqSerde.)]
 
                 [BigInt (BigIntSerde.)]
                 ]]

src/clojure/codex/util.clj

@@ -9,6 +9,10 @@
   String
   (-as-bytes [v] (.getBytes (str v) "UTF-8")))
 
+(extend-protocol Bytes
+  nil
+  (-as-bytes [_] nil))
+
 
 (extend-protocol Bytes
   (Class/forName "[B")

test/codex/encrypt_encode_tests.clj

@@ -5,19 +5,20 @@
 
 
 (deftest test-expand-key
-  (let [k1 (codex/expand-pass :sha128+hmac256 "secret")
-        k2 (codex/expand-pass :sha256+hmac512 "secret")]
+  (let [k1 (codex/derive-pass :sha128+hmac256 "test-salt" "secret")
+        k2 (codex/derive-pass :sha256+hmac512 "test-salt" "secret")]
 
-    (is (instance? Key$ExpandedKey k1))
-    (is (instance? Key$ExpandedKey k2))))
+    (is (not (nil? k1)))
+    (is (not (nil? k2)))))
 
 (deftest test-encrypt-decrypt-gcm
   (let [encoder (->>
                   (codex/kryo-encoder)                              ;; convert to bytes
                   (codex/lz4-encoder)                               ;; compress
                   (codex/crypto-encoder                             ;; encrypt
                     :aes-cbc-hmac
-                    (codex/expand-pass :sha256+hmac512 "secret")))
+                    (codex/derive-pass :sha256+hmac512 "salt" "secret")
+                    ))
 
         data {:a 1 :b {:c [1 2 3]}}
 
@@ -28,7 +29,7 @@
       (= data decoded-data))))
 
 (deftest test-encrypt-decrypt-default-encoder
-  (let [encoder (codex/default-encoder (codex/expand-pass :sha256+hmac512 "secret"))
+  (let [encoder (codex/default-encoder (codex/derive-pass :sha256+hmac512 "salt" "secret"))
         data {:a 1 :b {:c [1 2 3]}}
 
         encrypted-data (codex/encode encoder data)

test/codex/kryo_encode_tests.clj

@@ -50,7 +50,8 @@
   (let [_ (codex/register-record! MyRecord)
 
         data (->MyRecord 1 2)
-        encoder (codex/default-encoder (codex/expand-pass-default "secret"))
+        encoder (codex/default-encoder (codex/gen-expanded-key :sha128+hmac256
+                                                               (codex/derive-pass-default "test-salt" "secret")))
         encoded-data (codex/encode encoder data)
         decoded-data (codex/decode encoder encoded-data)]